So, 60% of small companies are out of businesses? I think not. What you need to ask yourself is: what is considered a 'cyber attack'? Is spam a cyber attack? What about phishing? What about your DNS provider being DDoSed? Ransomware? Macros? -- Companies are hit by these daily, and not only do they stay in business, many times (most?) they don't even notice the 'attack'. As it turns out, almost NO companies have ever shut down because of a breach. DigiNotar did, as did a couple others, but it's rare.
A cyber attack that is reported? I have cleaned up from at least hundreds of cyber attacks targeted at small businesses. Thousands if you count compromised workstations that never to our knowledge exfiltrated data. But only two or so of those were reported. And those two were big deals.<p>So sure, if by cyber attacks, you mean attacks reported to law enforcement, I buy it. Small companies usually see downside and no upside in getting the cops involved in attacks that they can get technical staff to deal with.